PCI DSS is the abbreviation of “Payment Card Industry Data Security Standard”. It is a widely accepted actionable framework for developing a robust payment card data security process -- including prevention, detection and appropriate reaction to security incidents. The PCI DSS was created jointly in 2004 by four major credit-card companies: Visa, MasterCard, Discover and American Express. Any credit, debit or cash card should apply this standard.
The volume of card transactions has been doubled in the last ten years; and payments by consumers for online and in-app purchases are continuously growing too. Yet the number of frauds in recent years rises accordingly. Cardholders use their debit or credit cards to purchase products or services and risk financial losses, so we have to make sure that all the sensitive transaction data are well protected.
What is the aim of PCI DSS and whom should it apply to?
PCI DSS provides a baseline of technical and operational requirements designed to optimize the security of card transactions and protect cardholders against misuse of their personal information. PCI DSS applies to all entities involved in payment card processing—including merchants, processors, acquirers, issuers, service providers, and all other entities that store, process or transmit cardholder data (CHD) and/or sensitive authentication data (SAD).
What are requirements of PCI CSS?
PCI DSS consists of 12 requirements, which are divided into 6 major objectives.
1. Build and Maintain a Secure Network and Systems
2. Protect Cardholder Data
3. Maintain a Vulnerability Management Program
4. Implement Strong Access Control Measures
5. Regularly Monitor and Test Networks
6. Maintain an Information Security Policy